Access control of blockchain based on dual-policy attribute-based encryption

Abstract

In scenarios where multiple parties such as the Internet of Things and Supply Chains participate in data sharing and computing, when accessing data, users not only need to accept the forward access control of the data owner, but also needs to perform reverse access control on the data, so as to realize two-way access control. In the traditional blockchain, all users can participate in accounting and view transaction data, and only protect user privacy through “pseudo-anonymity”. The access rights of different users cannot be distinguished, which cannot meet the user’s two-way access control needs. However, most of the existing blockchain-based access control schemes are one-way access control, which cannot meet the needs of users for two-way access control in scenarios such as the Internet of Things and Supply Chains. Therefore, it is particularly important to design a two-way access control mechanism suitable for application in the blockchain. On this basis, this paper proposes a dual strategy attribute-based encryption (ABE) scheme for distributed outsourcing. This scheme combines two existing schemes, ciphertext-policy ABE and key-policy ABE, and proposes two access structures and a structure of attribute sets. The primary access structure and the secondary attributes are stored in the ciphertext, and the secondary access structure and the primary attributes are stored in the user’s private key. Only when the primary attribute set satisfies the primary access structure and the secondary attribute set satisfies the secondary access structure can the user unlock the ciphertext. This scheme has no single authorization center; instead, blockchain nodes jointly participate in authorization. In addition, the proposed scheme outsources the encryption and decryption of the ciphertext to blockchain nodes to reduce the computing pressure on users and can adapt to the decentralized environment of the blockchain and provide users with two-way access control services. Finally, security analysis shows that the proposed scheme is polynomial-safe under plaintext attack.